Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Illustration: Aïda Amer/Axios
53% of IT security managers don't know whether the cybersecurity products they use actually work as promised, according to an upcoming survey from the Ponemon Institute and security firm AttackIQ.
Why it matters: It's a little unsettling to find out a captain has no idea if the ship is watertight.
- Plus, if 53% seems bad, it's probably a whole lot worse. "People are more likely to say they are confident about themselves, so when you see a study showing low confidence, it’s possibly a lot worse," said Larry Ponemon, of the eponymous Institute.
- The survey included 577 responses from IT managers.
The cybersecurity industry is good at inspiring a lack of faith in the cybersecurity industry.
- Buzz words bandied about in slogans frequently generate as much skepticism as they do enthusiasm. The notion of snake oil products has been so pervasive that companies now advertise around it.
- "You sometimes see companies market their products to the threat of the day but not adapt the tool," says Kiersten Todt, managing director of the Cyber Readiness Institute.
To be sure: Many cybersecurity tools are pretty good at what they do. The problem is that the function of security products is a black box — users can't see the gears turning to verify that a tool works or that they are using it properly.
- "There’s been no methodical approach to check if a product is working as intended," said Chris Kennedy, chief information security officer at study sponsor AttackIQ, which sells products to simulate attacks.
The bottom line: In a better world, security products would inspire more confidence from the people who use them — especially given the cost of cybersecurity.
"Do you have confidence in your door locks?" Kennedy. says. "Put millions of dollars in investment into them, then, yeah, you should have confidence in the product."